Slashdot Mirror
Apple Releases Patch For Evasi0n Jailbreak (After It's Used 18 Million Times)
Sparrowvsrevolution writes "Apple has released a new update for iOS that prevents the jailbreak evasi0n released last month. But that hacking tool has already become the most popular jailbreak ever: It's been used to remove the software restrictions on 18.2 million devices in the 43 days between its release and the patch, according to data from Cydia, the app store for jailbroken devices. In its announcement of the update, Apple says it has fixed six bugs and was polite enough to credit the hackers behind evasi0n with finding four of them. At least one of the bugs used by evasi0n remains unpatched, according to David Wang, one of evasi0n's creators. And Wang says that he and his fellow hackers still have bugs in reserve for a new jailbreak, although they plan to keep them secret until the next major release."
It's called Android...
How are they going to produce jailbreaks if they report it?
It would be irresponsible of them to deliberately collaborate with restricting user freedoms.
Excuse the Unicode crap in my posts. That's an apostrophe, and slashdot is busted.
I hate it when people cry foul when Apple patches a jailbreak method. I find visiting a web page or opening a PDF that can root your device then automatically installs binaries and run them without user intervention that has full access to your whole phone quite worrying.
I do wonder if someone has maliciously used a jailbreak methods on their own web site, installing binaries remotely without the user knowing, and then taking data. How do you find out if this has happened?
This would clearly be the case if Apple did not insist on locking down devices in ways the consumers don't want. If there were, say, a menu option for "allow installation from unknown sources", there would be no excuse for sitting on bugs. As it is now, it is muddier: On the one hand, it is a security flaw that should be patched. On the other hand, it is a way to ensure that they can keep using their hardware in the way they want to.
Of course, the easy way around the dilemma would be to insist on only paying money for hardware you actually own, not quasi-lease, which is the only option Apple wants for iOS hardware.
They did.
The security flaws were hurting iOS users, so they reported them using their tool.
The reason security flaws are reported is in order to protect the users, not the vendor.
Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
The exploit used by evasi0n to gain root is a missing permissions check in USB backup/restore.
So unless your web page or PDF somehow magically plugs a iPhone into a properly prepared host... nope.
How are they going to produce jailbreaks if they report it?
It would be irresponsible of them to deliberately collaborate with restricting user freedoms.
I don't care about jailbreaks, I'm not going to install one anyway. Ever. I do care about security flaws in the operating system that is installed on hundreds of millions of devices.
It's plenty flexible enough for me without jailbreaking. I can compile and install my own apps without going through the store. You just have to have a developer account (which is not very expensive).
Bullshit. Most users are perfectly happy with the device. A few - very few, though vocal on this site - wants to do something they were never promised, and those few put the majority in danger. Granted, chances are, the flaws would not be know currently otherwise, but sitting on a flaw for your egoistical reasons is a bad reason.
I hate it when people cry foul when Apple patches a jailbreak method. I find visiting a web page or opening a PDF that can root your device then automatically installs binaries and run them without user intervention that has full access to your whole phone quite worrying.
At least with the iPhone and other Apple devices, all but the original tiff bug for jailbreakme.com have required installing a jailbreaking software package and cabling the device to your computer in order to accomplish the jailbreak.
You can get malicious software through the approves install channels very rarely (Apple generally disallows PhoneGap type software, which requires a captive custom UIView in order to cause problems via DNS redirection), so you mostly see malicious software in places where the markets consist of "install any software from an untrusted source after it has been downloaded from a trusted source, and then trojaned". In other words, typically Asian Warez sites that claim to let you download iApps that would normally have a higher price tag if you got them through the App store.
I have seen a lot more malware coming out on Android platform devices through nominally legitimate channels, since anyone can sign an app and run their own App store for Android. So the walled garden you are admiring in Apple is somewhat helpful in one way, but typically very harmful in others, in terms of editorial content.
Philosophically, jailbreaking should be, and should remain legal. Minimally: I paid for the atoms in that phone, and those atoms will damn well do what I tell them to without intermediation by a third party who has no business telling me what to do with my atoms.
This wouldn't be needed had Apple not been Apple. You know the whole "we know better than you what you want" motto.
If they didn't know what people wanted I'm assuming they wouldn't be selling so well.
If people were happy with their devices being locked up and restricted I'm assuming 18 million of them wouldn't have used this jailbreak in a little over a month. That number seems like it includes a lot more than just geeks and hobbyists.
This wouldn't be needed had Apple not been Apple. You know the whole "we know better than you what you want" motto.
If they didn't know what people wanted I'm assuming they wouldn't be selling so well.
Apple obviously doesn't know what at least 18 million, 200,000 of their customers want.
Fuck no.
For fucking millionth time, the only way to not deliberately collaborate with restricting user freedoms is to not fucking buy the restricted stuff in the first place.
You buy DRM'ed shit - you give the DRM producer money. The fact that you intend to use hacks to circumvent the DRM later only sends a clear message: "We're doing fine, we just need to clamp down on them hackers harder".
This is not fighting for freedom, this is entitlement complex. I could somewhat understand looking to break DRM when non-DRM media in some class is nonexistent or virtually nonexistent - like in DVD video case, but not in cases like smartphones or, say, videogames. You're not entitled to it. Just say "fuck you" to them and their shiny toys and go play elsewhere - the playground is huge and alternatives are plenty.
I jailbroke my idevices because the ones I have can't be unlocked any other way. It was just the carrier locking I wanted around.
Learn to love Alaska
there's never been malware that used any of them.
That you know of.
You don't actually need to jailbreak an Android phone, they are already jailbroken. You just go and press a button to allow applications from sources other than the Google Play store. It will warn you that you may face hacking, doom, whatever but it will then allow you to install applications from any source you like. You can download them off the web, you can get other application stores, like Amazon's, whatever you want. Rooting is if you want full control of your device. You are right that some devices are very locked down and hard to root. However it really isn't comparable, since they are all more or less jailbroken.
The main reason to jailbreak iPhone is to get access to non-Apple applications. That is just not necessary on Android.
The install base of iOS is 300 million plus. Also, how many of those 18 million, 200.000 are unique device jailbreaks and how many are dupes? It seems to me that most iOS users don't bother to jailbreak. Those 18 million are certainly not many enough to force Apple to and abandon jailing.
18 million people sought out and used the jailbreak, that's significant because this isn't something they can just go get at the app store.
For every one of those 18 million how many others do you think didn't because they didn't want to void their warranties? Or they (rightfully) didn't want to risk installing malware or bricking their phone by blindly installing some hack from an unknown 3rd party? Or they didn't feel comfortable or technically competent enough to mess with the core software of their device?
And then consider all of the people who would have used the jailbreak but simply didn't learn about it during the 6 weeks of its existence.
It may be legal to jailbreak, but why should that stop Apple from patching security flaws in their software? If Apple doesn't provide a jailbreak feature built-in to their phones, jailbreakers have to rely on security flaws - flaws that may be patched at any given point in time.
> The main reason to jailbreak an iPhone is to pirate apps.
Yes. Gaze upon the ultimate manifestation of the Apple cult mentality:
If you want to do something interesting, you must "justify yourself". The basic notion of liberty encapsulated by "why not' is totally alien. If you are the least bit creative, you get called a criminal.
A Pirate and a Puritan look the same on a balance sheet.
Apple didn't release the patch "to break the jailbreak", but to solve a more severe bug - that someone can take your locked phone and break into it.
Fixing the jailbreak (it was fixing one of the many exploits it relied on) could have been a side effect, or on purpose, but the main fix was to fix the damn privacy flaw.
Of course, everyone concentrates on the jailbreaking aspect, and not the real reason for the fix that everyone knew was coming (and has been demonstrated weeks ago).